From: Dale Kling (dalek77@gmail.com)
Date: Thu Jun 05 2008 - 23:26:07 ART
So I found this in the 3560 Security ACL guide:
"The switch does not support dynamic or reflexive access lists. It also does
not support filtering based on the type of service (ToS)
minimize-monetary-cost bit."
Yet, I was able to configure it and it worked, albeit not the timeout
feature for me.
regards,
Dale
On Thu, Jun 5, 2008 at 10:16 PM, Dale Kling <dalek77@gmail.com> wrote:
> I configured lock and key on 3 routers and 3 switches to try and figure
> this issue out.
>
> The task I had required I configure lock and key on a switch, particularly
> a 3560. It required allowing only a specific host and a timeout of 10 mins.
>
> Not a big deal, I said ok this is easy, I've done it like 25 times the past
> few months. Why is it I can get the timeout feature to work on any router I
> try, but it doesn't work on the switches? After I authenticate, I go look
> at the ACL and there is no timeout applied if it's done on a switch. The
> host feature works by adding the specific host to the dynamic entry, but not
> the timeout. It works on routers all day long.
>
> Is this buggy on the switches? I've seen this problem before and figured
> it'd work itself out somehow, but now that I'm getting more anal I want to
> know why this crap is doing this. After this, I'm going to read the DOCCD
> on lock and key in the switch guide and I'll probably find that timeout
> doesn't work on them or something. :\
>
> regards,
>
> Dale